07-30-2021 06:52 AM
Hi,
I am trying to setup DUO proxy but i am stuck. To login on LDAP i need to send user@UPN (user@example.com) to DUO proxy but user is registered in DUO as user (not as user@UPN) and i am getting error saying that that user is not registered. Below is log output:
user binddn fetched: username=user binddn=user@example.com
ldap bind failed: error=“LDAP Result Code 49 “Invalid Credentials”: Please enroll at https://■■■■■■■■■■■■■■■■■■■■■■/portal?code=code&akey=akey”
Is there way to strip down UPN from DUO request and query LDAP with just user from proxy side or is my only option to add alias for every user with every UPN i use(i have multiple UPN-s)?
Best regards
Solved! Go to Solution.
08-05-2021 02:19 PM
There are a few options here that may or may not apply…
Enable username normalization on the Duo LDAP application. This requires that the UPN prefix matches the username in Duo (“someuser” = “someuser@example.com”.
Add the “someuser@example.com” UPN value as a username alias to the existing “someuser” Duo username.
There’s an option for [ad_client]
that lets you specify the username attribute, but this is the attribute matched for primary auth, and doesn’t change the LDAP username received by the Duo proxy from the requesting application or service.
08-02-2021 12:59 AM
Is " Policy & Access Control forum" right section for this question?
08-05-2021 02:19 PM
There are a few options here that may or may not apply…
Enable username normalization on the Duo LDAP application. This requires that the UPN prefix matches the username in Duo (“someuser” = “someuser@example.com”.
Add the “someuser@example.com” UPN value as a username alias to the existing “someuser” Duo username.
There’s an option for [ad_client]
that lets you specify the username attribute, but this is the attribute matched for primary auth, and doesn’t change the LDAP username received by the Duo proxy from the requesting application or service.
08-06-2021 04:04 AM
Thank you so much. Option 1. is what i was looking for
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: